Apple has sent an email out to developers addressing the reason behind the ongoing multi-day outage of their developer portal, confirming suspicions that it was the result of a security breach.
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
The good news is that Apple had sensitive personal information encrypted, and hopefully in time Apple will be able to rule out the possibility entirely that any unencrypted information was compromised.
The developer portal is used by iOS and Mac developers for managing their developer accounts and apps, as well as accessing areas like developer forums to discuss technical issues. While it’s normal for the site to go down for routine maintenance from time to time, extended outages like this are uncharacteristic, prompting concerns of a privacy breach starting yesterday.
We will continue to post more details as they become available.
Update: Security researcher claims to have reported bugs shortly before Apple took down its developer portal
